Security Engineer III- Senior Security Risk Assessor & Consultant
JOB SUMMARYResponsible for leading the engineering activities that evaluate cyber security risk and potential security threats to the company's ISP, Video, Voice, software and cloud systems. This position will work closely with network engineering, video engineering, product groups and technical operations staff performing cyber security risk assessment and management of existing and new business technologies and tools improve security operations, risk management processes and as security threats and vulnerabilities are detected and coordinate the response to mitigate and remediate the threat to Charter’s network. Assessor will be a part of a team that conduct’s the threat management and risk assessment processes for network security operations and communicate to executive leadership.
MAJOR DUTIES AND QUALIFICATIONS
Recommend and implement processes and controls through risk assessment that establish appropriate governance structures for managing risk according NIST and other frameworks.
Advise and provide consulting on security counter-measures.
Implement, maintain and monitor threat intelligence data from various resources that is relevant to Charter’s networks and systems.
Actively advises on and evaluates the impact of cyber threats.
Recommend design security processes and solutions used by Network Security Operations.
Develop security requirements for new projects and perform the security risk assessments prior to going into production.
Perform and coordinate engagements with 3rd party service providers to perform ongoing security testing on critical assets.
Ensure compliance with security standards, policies and procedures.
Adhere to industry specific local, state, and federal regulations, as applicable.
Skills / Abilities and Knowledge
IT/Network Engineering experience 7+
- Ability to read, write and speak the English language to communicate with employees, customers, suppliers, in person, on the phone, and by written communications in a clear, straight-forward, and professional manner.
- Proficient knowledge of network and system security vulnerabilities and exploits. Must understand what is required to prevent security exploits, how to detect security attacks and anomalies and how to respond to security incidents and intrusions.
- Proficient knowledge of related industry specifications and standards NIST, CSRIC, Firewalls, Intrusion Detection and Prevention, DNS, Routing, Ethernet and Transport technologies and protocols
- Proficient knowledge in network security design, network security architecture, TCP/IP protocols and topology.
Proficient knowledge of forensic methodologies and best practices to investigate intrusions, preserve evidence and coordinate a unified security response.
- Related experience in conducting risk assessments across the organization, mission and business processes.
Proficient knowledge in cloud based applications, platforms and services security.
- Demonstrated leadership capabilities with the ability to work across functional boundaries, build consensus and drive results.
Must have very strong written and verbal communication skills and should have good presentation skills.
- Must be a problem solver, able to balance competing priorities, have a strong process orientation and be able to manage through complexity and rapid change.
- Understanding of “ownership” of a project/program and the ability to execute on that with accountability
- Exhibit leadership skills working with cross-functional teams
- Subject Matter Expert (SME) with cybersecurity solutions and critical controls as you will be expected to consult and perform assessments against these items and architecture
- Have information security experience in a variety of industries and company types to show a depth and breadth of security acumen
- Excellent verbal communication and written composition skills with experience and confidence providing reports and consultation to internal clients and executive level staff
- A keen ability to discuss, consult on, and drive solutions around the Common Body of Knowledge (CBK) which is a comprehensive compilation of all the relevant subjects a security professional should be familiar with
Bachelor's Degree in Information Security or related field or related work experience
RELATED WORK EXPERIENCE Number of Years
Information Security experience 5-7
Current security certifications, such as CISSP, ISACA, and SANS GIAC. Firewall, Intrusion Detection Systems, and/or other security technologies engineering
Information Security Risk ManagementCyber-security Consulting
Security Information and Event Management (SIEM)
May require some weekends and evening shift work
Minimal Travel Required
Other Locations For This Job